Cisco ASA 5505 unable to authenicate against Raduis, NT or other remote server

I have a ASA 5505 which I recently upgraded our other server system I am not a Cisco guy. I set up the VPN to authenticate against a remote server I have tried radius, NT and when you test them the network credentials work. However the only way I can give users access is to add them as a local user. Secondly the remote user can not access the internet via browsers on their laptops where they could before they can access internal resources mail files etc. So if someone can help point me to activating remote authentication being able to have users internet access when connected to the VPN.

Post the config minus identifying information to make sure you have auth servers defined. Make sure your VPN is defined to use aaa and not local.
Check whether the radius servers are configured to respond to the VPN type request.

I'll have to get the config on Monday. But I configured both a Radius and NT server per Cisco and in Asdm you can test authenticate against both servers successfully but when you login the ASA will only authenticated against the AAA local users. Now I am not sure what step I am missing previously there was a group name along with the username and password when you logged in now it's just the username and password fields the previous server was 2003 sbs where we are on server 2012. I will post the config as soon as I can.

Look at the client side network mapping see what it has for interesting traffic and what is allowed

I think your nat0 and your inside-network/24 is where.

Do you want to exclude all IPSEC/VPN traffic from going through ACL rules?
If yes, add the networks to the nat0 rule.
If you want to control what VPN users can and can not access, make sure to setup the ACL rules for VPN ips to the various locations.

0

cameljoe121Author Commented: 2013-06-10

There are only a few VPN users and they will have access to all of the network resources so should I just leave the ACL blank?